Fundamentals of Information Systems Security
Lesson 1: Information Systems Security

© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved.


Learning Objective
• Explain the concepts of information systems security (ISS) as applied to an IT infrastructure.

Fundamentals of Information Systems Security - Contact: hieuld2@fpt.edu.vn

Key Concepts
• Confidentiality, integrity, and availability (C-I-A) concepts
• Layered security solutions implemented for the seven domains of a typical IT infrastructure
• Common threats for each of the seven domains
• IT security policy framework
• Impact of data classification standard on the seven domains

DISCOVER: CONCEPTS


Introducing ISS

[Figure: diagram introducing the term ISS, built from the labels "Information", "Systems" and "Information Systems Security"]

The C-I-A Triad


Confidentiality
Personal Data and Information
• Credit card account numbers and bank account numbers
• Social security numbers and address information

Intellectual Property
• Copyrights, patents, and secret formulas
• Source code, customer databases, and technical specifications

National Security
• Military intelligence
• Homeland security and government-related information

Integrity
Maintain valid, uncorrupted, and accurate information.
• User names and passwords
• Patents and copyrights
• Source code
• Diplomatic information
• Financial data

Integrity (Cont.)


Availability


Compliance Laws Driving ISS
• Health Insurance Portability and Accountability Act (HIPAA)
• Sarbanes-Oxley (SOX) Act
• Children’s Internet Protection Act (CIPA)

IT Security Policy Framework
• Policy: a short written statement that defines a course of action that applies to the entire organization
• Standard: a detailed written definition of how software and hardware are to be used
• Procedure: written instructions for how to use the policy and standard
• Guideline: suggested course of action for using the policy, standard, or procedure

Seven Domains of a Typical IT Infrastructure

Common Threats in the User Domain
• Lack of user awareness
• User apathy toward policies
• User violating security policy
• User inserting CD/DVD/USB with personal files

Common Threats in the User Domain (Continued)
• User downloading photos, music, or videos
• User destroying systems, applications, and data
• Disgruntled employee attacking organization or committing sabotage
• Employee blackmail or extortion

Common Threats in the Workstation Domain
• Unauthorized workstation access
• Unauthorized access to systems, applications, and data
• Desktop or laptop operating system vulnerabilities
• Desktop or laptop application software vulnerabilities or patches

Common Threats in the Workstation Domain (Continued)
• Viruses, malicious code, and other malware
• User inserting CD/DVD/USB with personal files
• User downloading photos, music, or videos

Common Threats in the LAN Domain
• Unauthorized physical access to LAN
• Unauthorized access to systems, applications, and data
• LAN server operating system vulnerabilities
• LAN server application software vulnerabilities and software patch updates

Common Threats in the LAN Domain (Continued)
• Rogue users on WLANs
• Confidentiality of data on WLANs
• LAN server configuration guidelines and standards

Common Threats in the LAN-to-WAN Domain
• Unauthorized probing and port scanning
• Unauthorized access
• Internet Protocol (IP) router, firewall, and network appliance operating system vulnerability
• Local users downloading unknown file types from unknown sources

Common Threats in the WAN Domain
• Open, public, and accessible data
• Most of the traffic being sent as clear text
• Vulnerable to eavesdropping
• Vulnerable to malicious attacks
• Vulnerable to denial of service (DoS) and distributed denial of service (DDoS) attacks

Common Threats in the WAN Domain (Continued)
• Vulnerable to corruption of information and data
• Insecure Transmission Control Protocol/Internet Protocol (TCP/IP) applications
• Hackers and attackers e-mailing Trojans, worms, and malicious software freely and constantly

Common Threats in the Remote Access Domain
• Brute-force user ID and password attacks
• Multiple logon retries and access control attacks
• Unauthorized remote access to IT systems, applications, and data
• Confidential data compromised remotely
• Data leakage in violation of data classification standards

Common Threats in the Systems/Applications Domain
• Unauthorized access to data centers, computer rooms, and wiring closets
• Difficult-to-manage servers that require high availability
• Server operating systems software vulnerability management
• Security required by cloud computing virtual environments
• Corrupt or lost data

DISCOVER: PROCESS


DISCOVER: ROLES


Who Implements the C-I-A Triad?

Confidentiality
• User
• IT administrator
• Network administrator
• Human resources
• Senior management

Integrity
• User
• IT administrator
• Network administrator
• Human resources
• Senior management

Availability
• IT administrator
• Network administrator
• Third-party vendor, for example, telecommunication company

DISCOVER: RATIONALE


Cyberspace: The New Frontier


Summary
• Terms associated with ISS include risks, threats, and vulnerabilities
• Layered security strategy protects an IT infrastructure’s C-I-A
• IT policy framework includes policies, standards, procedures, and guidelines
• Data classification standard defines how data is to be handled within an IT infrastructure

Virtual Lab
• Performing Reconnaissance and Probing Using Common Tools
